CN108805551B - A secure fine-grained prepayment method and device - Google Patents

A secure fine-grained prepayment method and device

Publication number
CN108805551B
Authority
CN
China
Prior art keywords
payment
payer
payee
public key
amount
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810575457.3A
Other languages
Chinese (zh)
Other versions
CN108805551A (en)
Inventor
伍前红
钟林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Application filed by Beihang University
Priority to CN201810575457.3A
Publication of CN108805551A
Application granted
Publication of CN108805551B

Abstract

The invention discloses a secure fine-grained prepayment method and device. The method comprises the following steps: initialization, in which the system public parameters and the public and private keys of the registration authority and the participants are generated; registration, in which the registration authority generates a participant's public key certificate; presetting, in which a payer sets preset information consisting of a payee, a locked amount and a cut-off condition, and the payee, acting as a new payer, sets new preset information, forming an off-chain payment chain or loop; verification, in which the payment endorser verifies the validity of the payer's public key certificate and preset information and generates a prepaid voucher; payment, in which the payer transmits the prepaid voucher and the payment signature to the payee; collection, in which the payee verifies the validity of the prepaid voucher, the payment signature and the payment amount; and settlement, in which the payment endorser verifies the validity of the prepaid voucher, payment signature and payment amount submitted by each payee and distributes the balance. The invention can resist counterfeiting, double spending and overspending, realize fine-grained instant payment, improve currency circulation and protect user privacy.

Description

Translated from Chinese

A secure fine-grained prepayment method and device

Technical field

The invention relates to the field of information security in communication systems and to digital currency payment technology in communication systems, and in particular to a secure fine-grained prepayment method and device.

Background

With the rapid development of the economy and the rapid progress of electronic technology, electronic payment has come into wide use because it is fast and convenient. Electronic payment uses digital currency for transactions and removes the dependence on traditional paper currency and bills, making the payment process faster and more efficient and lowering transaction costs; it can also make the flow of enterprise funds easier to supervise. However, current electronic payment technology still has some deficiencies. First, electronic payment is an online process that requires the payer, the payee and the payment endorser to be online at the same time to complete a transaction. It is therefore suitable only for areas with good network communication, not for remote areas or for areas struck by sudden geological disasters where the communication infrastructure is damaged or destroyed. Second, the payment process requires the payment endorser to verify the validity of the currency online, so the computing power of the payment endorser limits the speed of electronic payment, and slow or failed payments are likely during transaction peaks. Finally, electronic payment offers little privacy protection: the user's transaction records are fully exposed on the payment platform, which easily leads to privacy leakage.

A blockchain-based digital currency payment system is fast and efficient and also offers high security and privacy protection. First, the blockchain is a decentralized system, and users' transaction records are stored in a distributed system, which gives high security and robustness. Second, the blockchain stores data in a chained block structure with timestamps, which makes the system strongly verifiable, tamper-resistant and traceable. Third, blockchain-based digital currency is divisible and supports fine-grained payment. Blockchain-based digital currency systems therefore have broad research value. At present, however, such systems still have some defects, such as the need for online transactions, slow transactions and high transaction fees.

Therefore, building a payment system that resists forgery, double-spending and overspending attacks, completes efficient, flexible and fine-grained instant payments whether online or offline, and protects user privacy is a key problem that urgently needs to be solved.

Summary of the invention

The purpose of the present invention is to provide a secure fine-grained prepayment method and device that can improve the liquidity of currency and strengthen user privacy protection.

To achieve the above purpose, the present invention provides the following scheme:

A secure fine-grained prepayment method, applied to a payment system, the payment method comprising:

obtaining the public parameters of the payment system, the public and private keys of the registration authority, and the public and private keys of the system participants, and generating accounts from the system participants' public keys; the system participants include the payment endorser, the payer and the payee;

the system participants interact with the registration authority to obtain public key certificates;

the payer sets preset information, the preset information being the payee, the locked amount and the cut-off condition, and the payee, acting as a new payer, sets new preset information, forming a corresponding off-chain payment chain;

the payment endorser verifies the validity of the payer's public key certificate and the preset information, and issues a prepaid voucher;

the payer signs the payment amount and sends the prepaid voucher and the payment signature to the payee;

the payee verifies the validity of the prepaid voucher, the payment signature and the payment amount;

the payment endorser verifies the validity of the prepaid voucher, the payment signature and the payment amount sent by each payee, and allocates the balance.

Optionally, the entities include a registration authority, a payment endorser, a payer and a payee, and each entity role consists of at least one entity.

Optionally, obtaining the public parameters of the payment system, the public and private keys of the registration authority, and the public and private keys of the system participants, and generating accounts from the system participants' public keys, specifically includes:

calculating the public parameters of the payment system from the security parameters of the payment system;

according to the public parameters of the payment system, the entities run their respective key generation algorithms to generate their respective private keys and public keys;

a public key and a random number correspond to one account.

Optionally, the system participants interacting with the registration authority to obtain public key certificates specifically includes:

the system participant submits the participant's public key to the registration authority;

the registration authority obtains a public key certificate from the public parameters, the registration authority's private key and the system participant's public key.

Optionally, the payer setting preset information, the preset information being the payee, the locked amount and the cut-off condition, and the payee, acting as a new payer, setting new preset information to form the corresponding off-chain payment chain, specifically includes:

the payer obtains a preset information signature from the public parameters, the payer's private key and account, the payee's public key and account, the locked amount and the cut-off condition;

the payee, acting as a new payer, obtains a new preset information signature from the public parameters, the new payer's private key and account, the new payee's public key and account, the new locked amount and the new cut-off condition.

Optionally, the payment endorser verifying the validity of the payer's public key certificate and the preset information and issuing the prepaid voucher specifically includes:

the payment endorser obtains an account from the public key and the random number;

judging the validity of the public key certificate from the public parameters, the registration authority's public key, the payer's public key and the public key certificate;

judging the validity of the preset information signature from the public parameters, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the preset information signature;

if both the preset information signature and the public key certificate are valid, obtaining a prepaid voucher from the public parameters, the payment endorser's private key, the payer's public key and account, the payee's public key and account, the locked amount and the cut-off condition, and locking the corresponding amount committed by the payer; if the payee, acting as a new payer, submits new preset information, the above operations are performed again on the new preset information, and so on.

Optionally, the payer signing the payment amount and sending the prepaid voucher and the payment signature to the payee specifically includes:

the payer obtains a payment signature from the public parameters, the payer's private key, the payer's account, the payee's account, the payment amount and a random number;

the payer sends the prepaid voucher and the payment signature to the payee, and proves the validity of the payment amount to the payee;

method of proving the validity of the payment amount: the payer discloses to the payee the payer's received amount and locked amount, proving that the sum of the received amount and the locked amount is greater than or equal to the payment amount; the Paillier public-key cryptosystem and a committed-value proof method are used to prove the validity of the payment amount in order to protect transaction privacy.

Optionally, the payee verifying the validity of the prepaid voucher, the payment signature and the payment amount specifically includes: the payee judges the validity of the prepaid voucher from the public parameters, the payment endorser's public key, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the prepaid voucher;

judging the validity of the payment signature from the public parameters, the payer's public key, the payer's account, the payee's account, the payment amount, the random number and the payment signature;

judging the validity of the payment amount from the payer's received amount, the locked amount and the payment amount; if all three of the above judgments output valid, the payment is accepted, otherwise the payment is rejected;

the step in which the payment endorser verifies the validity of the prepaid voucher, payment signature and payment amount submitted by each payee and allocates the balance accordingly includes: the payment endorser collects the settlement information submitted by each payee and performs the three judgments of the collection module on the settlement information again;

if all three judgments output valid, the settlement is approved and the balance is allocated accordingly, otherwise the settlement is refused; each payee may submit its settlement information to the payment endorser in plaintext or ciphertext, and the payment endorser respectively judges directly or judges using the Paillier public-key cryptosystem and a committed-value proof method.

To achieve the above purpose, the present invention also provides the following scheme:

A secure fine-grained prepayment device, the payment device comprising:

an initialization module, used to generate the system public parameters, the public and private keys of the registration authority, and the public and private keys of the system participants, and to generate accounts from the system participants' public keys. The system participants are the payment endorser, the payer and the payee;

a registration module, used for the system participants to interact with the registration authority to generate public key certificates;

a preset module, used for the payer to set the preset information (payee, locked amount and cut-off condition), while the payee, acting as a new payer, sets new preset information, and so on, forming an off-chain payment chain or ring;

a verification module, used for the payment endorser to verify the validity of the payer's public key certificate and preset information and to issue the prepaid voucher;

a payment module, used for the payer to sign the payment amount and pass the prepaid voucher and the payment signature to the payee;

a collection module, used for the payee to verify the validity of the prepaid voucher, the payment signature and the payment amount;

a settlement module, used for the payment endorser to verify the validity of the prepaid voucher, payment signature and payment amount submitted by each payee and to allocate the balance accordingly.

Optionally, in the preset module the payer's input includes the public parameters, the payer's private key and account, the payee's public key and account, the locked amount and the cut-off condition, and the output includes a preset information signature; the payee may act as a new payer whose input includes the public parameters, the new payer's private key and account, the new payee's public key and account, the new locked amount and the new cut-off condition, and whose output includes a new preset information signature;

in the registration module the system participant submits the participant's public key to the registration authority; the registration authority's input includes the public parameters, the registration authority's private key and the system participant's public key, and the output includes a public key certificate; the public key certificate may be generated with a regular signature, proxy signature, group signature or ring signature to enhance anonymity or traceability;

in the verification module the payment endorser's input includes a public key and a random number, and the output includes an account; the input includes the public parameters, the registration authority's public key, the payer's public key and the public key certificate, and the output includes a judgment of the validity of the public key certificate; the input includes the public parameters, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the preset information signature, and the output includes a judgment of the validity of the preset information signature; if the judgments of the above three outputs are all valid, the input includes the public parameters, the payment endorser's private key, the payer's public key and account, the payee's public key and account, the locked amount and the cut-off condition, the output includes a prepaid voucher, and the corresponding amount committed by the payer is locked; if the payee, acting as a new payer, submits new preset information, the above four steps are performed on the new preset information, and so on;

in the payment module the payer's input includes the public parameters, the payer's private key, the payer's account, the payee's account, the payment amount and a random number, and the output includes a payment signature; the payer passes the prepaid voucher and the payment signature to the payee and proves the validity of the payment amount to the payee; they may be passed in plaintext or ciphertext; to prove the validity of the payment amount, the payer may disclose to the payee the payer's received amount and locked amount, thereby proving that the sum of the received amount and the locked amount is greater than or equal to the payment amount, or may use the Paillier public-key cryptosystem and a committed-value proof method to prove the validity of the payment amount in order to protect transaction privacy;

in the collection module the payee's input includes the public parameters, the payment endorser's public key, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the prepaid voucher, and the output includes a judgment of the validity of the prepaid voucher; the input includes the public parameters, the payer's public key, the payer's account, the payee's account, the payment amount, the random number and the payment signature, and the output includes a judgment of the validity of the payment signature; the input includes the payer's received amount, the locked amount and the payment amount, and the output includes a judgment of the validity of the payment amount; if all three of the above output valid, the payment is accepted, otherwise the payment is rejected; in the last judgment, the payer's received amount, the locked amount and the payment amount may be input in plaintext or ciphertext, and validity is respectively judged directly or judged using the Paillier public-key cryptosystem and a committed-value proof method;

in the settlement module the payment endorser collects the settlement information submitted by each payee and performs the three judgments of the collection module on the settlement information again; if all three judgments output valid, the settlement is approved and the balance is allocated accordingly, otherwise the settlement is refused; each payee may submit its settlement information to the payment endorser in plaintext or ciphertext, and the payment endorser respectively judges directly or judges using the Paillier public-key cryptosystem and a committed-value proof method.

According to the specific embodiments provided by the present invention, the present invention discloses the following technical effects: the proposed secure fine-grained prepayment method and device can be built on a centralized electronic payment system or on decentralized blockchain technology, realize fine-grained instant payment online or offline, and form an off-chain payment chain or ring, thereby improving the liquidity of currency and strengthening user privacy protection.

The electronic payment system provided by the present invention can resist forgery, double-spending and overspending attacks, realize fine-grained instant payment whether online or offline, and form an off-chain payment chain or ring, improving the liquidity of currency and strengthening user privacy protection.

Description of drawings

To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is a structural diagram of the secure fine-grained prepayment device of an embodiment provided by the present invention;

Figure 2 is a schematic diagram of a secure fine-grained prepayment method and the basic cryptographic tools provided by the present invention;

Figure 3 is a structural diagram of the secure fine-grained prepayment method of an embodiment provided by the present invention;

Figure 4 is a schematic diagram of another secure fine-grained prepayment method and the basic cryptographic tools;

Figure 5 is a flowchart of a secure fine-grained prepayment method according to an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

The purpose of the present invention is to provide a secure fine-grained prepayment method and device that can improve the liquidity of currency and strengthen user privacy protection.

To make the above objects, features and advantages of the present invention easier to understand, the present invention is described in further detail below with reference to the drawings and specific embodiments.

Example 1

As shown in Figure 5, a secure fine-grained prepayment method, applied to a payment system, comprises:

Step S210: obtaining the public parameters of the payment system, the public and private keys of the registration authority, and the public and private keys of the system participants, and generating accounts from the system participants' public keys; the system participants include the payment endorser, the payer and the payee;

Step S220: the system participants interact with the registration authority to obtain public key certificates;

Step S230: the payer sets preset information, the preset information being the payee, the locked amount and the cut-off condition, and the payee, acting as a new payer, sets new preset information, forming a corresponding off-chain payment chain;

Step S240: the payment endorser verifies the validity of the payer's public key certificate and the preset information, and issues a prepaid voucher;

Step S250: the payer signs the payment amount and sends the prepaid voucher and the payment signature to the payee;

Step S260: the payee verifies the validity of the prepaid voucher, the payment signature and the payment amount;

Step S270: the payment endorser verifies the validity of the prepaid voucher, the payment signature and the payment amount sent by each payee, and allocates the balance.
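An added example, not code from the patent: steps S220 to S260 in plaintext mode, with a textbook Schnorr signature standing in for the unspecified regular signature. The group parameters, the hash-based account derivation, the message encoding and all function and field names are assumptions made for illustration; locking of funds and settlement (S270) are not modelled.

```python
import hashlib
import secrets
from dataclasses import dataclass, astuple

# Toy Schnorr group (assumption): P is the Mersenne prime 2**521 - 1, chosen so
# the block runs on the standard library. Not a production parameter choice.
P = 2**521 - 1
N = P - 1   # G**N == 1 (mod P), so exponents are reduced modulo N
G = 3

def _h(*parts) -> int:
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big")

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, pow(G, sk, P)

def sign(sk, *msg):
    k = secrets.randbelow(N - 1) + 1
    r = pow(G, k, P)
    e = _h(r, pow(G, sk, P), msg)        # challenge binds r, public key, message
    return r, (k + e * sk) % N

def verify(pk, sig, *msg):
    r, s = sig
    e = _h(r, pk, msg)
    return 0 < r < P and pow(G, s, P) == (r * pow(pk, e, P)) % P

def make_account(pk):
    # Account from a public key and a random number (hash choice is an assumption).
    return hashlib.sha256(repr((pk, secrets.randbits(64))).encode()).hexdigest()[:16]

@dataclass(frozen=True)
class Preset:                            # preset information set by the payer (S230)
    payer_pk: int
    payer_acct: str
    payee_pk: int
    payee_acct: str
    locked: int
    deadline: str

def issue_voucher(endorser_sk, ra_pk, cert, preset, preset_sig):
    """S240: check the certificate and the preset signature, then sign a voucher."""
    if not verify(ra_pk, cert, "cert", preset.payer_pk):
        return None
    if not verify(preset.payer_pk, preset_sig, "preset", *astuple(preset)):
        return None
    return sign(endorser_sk, "voucher", *astuple(preset))

def collect(endorser_pk, preset, voucher, amount, nonce, pay_sig, payer_received):
    """S260: the payee's three checks; returns (accepted, reason)."""
    if not verify(endorser_pk, voucher, "voucher", *astuple(preset)):
        return False, "invalid prepaid voucher"
    if not verify(preset.payer_pk, pay_sig, "pay",
                  preset.payer_acct, preset.payee_acct, amount, nonce):
        return False, "invalid payment signature"
    # Plaintext mode: received amount + locked amount must cover the payment.
    # Rejecting non-positive amounts is an added sanity check.
    if amount <= 0 or payer_received + preset.locked < amount:
        return False, "payment amount not covered"
    return True, "accepted"

def demo():
    """Constructed scenario: payer A prepays payee B with 100 locked."""
    ra_sk, ra_pk = keygen()
    en_sk, en_pk = keygen()
    a_sk, a_pk = keygen()
    _, b_pk = keygen()
    a_acct, b_acct = make_account(a_pk), make_account(b_pk)
    cert = sign(ra_sk, "cert", a_pk)                                  # S220
    preset = Preset(a_pk, a_acct, b_pk, b_acct, 100, "2030-01-01")
    preset_sig = sign(a_sk, "preset", *astuple(preset))               # S230
    voucher = issue_voucher(en_sk, ra_pk, cert, preset, preset_sig)   # S240

    def pay(amount):                                                  # S250
        nonce = secrets.randbits(64)
        return amount, nonce, sign(a_sk, "pay", a_acct, b_acct, amount, nonce)

    out = {}
    # A certificate the payer signed for itself is not accepted by the endorser.
    out["self_signed_cert"] = issue_voucher(
        en_sk, ra_pk, sign(a_sk, "cert", a_pk), preset, preset_sig)
    out["ok"] = collect(en_pk, preset, voucher, *pay(30), payer_received=0)
    out["overspend"] = collect(en_pk, preset, voucher, *pay(150), payer_received=20)
    # The payer presents the real voucher with an inflated locked amount.
    inflated = Preset(a_pk, a_acct, b_pk, b_acct, 1000, preset.deadline)
    out["inflated_lock"] = collect(en_pk, inflated, voucher, *pay(500), payer_received=0)
    # The amount is changed after the payer signed it.
    _, nonce, sig = pay(30)
    out["altered_amount"] = collect(en_pk, preset, voucher, 90, nonce, sig, payer_received=0)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The payee takes `payer_received` on the payer's disclosure here, which corresponds to the plaintext proof; the ciphertext variant with Paillier encryption and a committed-value proof is not shown.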

所述实体机构包括:注册机构、支付背书方、付款方、收款方,每个实体机构的角色都由至少一个实体组成;所述获取所述支付系统的公共参数、注册机构公钥和私钥、系统参与方公钥和私钥,并根据系统参与方公钥生成账户具体包括:The entity institution includes: a registration institution, a payment endorser, a payer, and a payee, and the role of each entity institution consists of at least one entity; key, the public key and private key of the system participants, and the account generation based on the public key of the system participants includes:

根据所述支付系统的安全参数计算所述支付系统的公共参数;Calculate the public parameters of the payment system according to the security parameters of the payment system;

根据所述支付系统公共参数,所述实体机构运行各自秘钥生成算法,生成各自的私钥和公钥;根据公钥和随机数对应一个账户。According to the public parameters of the payment system, the entity organizations run their own secret key generation algorithms to generate their own private keys and public keys; and correspond to an account according to the public key and random number.

可选的,所述所述系统参与方与注册机构交互获得公钥证书具体包括:Optionally, the system participant interacting with a registration authority to obtain a public key certificate specifically includes:

所述系统参与方向所述注册机构提交参与方公钥;The system participant submits the participant public key to the registration authority;

注册机构根据公共参数、注册机构私钥、系统参与方公钥获得一个公钥证书。公钥证书的生成可以使用常规签名、代理签名、群签名、环签名,以增强匿名性和可追踪性。常规签名是指满足正确性和不可伪造性的数字签名。The registration authority obtains a public key certificate according to the public parameters, the registration authority private key, and the public key of the system participant. The generation of public key certificates can use conventional signatures, proxy signatures, group signatures, and ring signatures to enhance anonymity and traceability. A regular signature refers to a digital signature that satisfies correctness and unforgeability.

所述付款方设置预置信息,所述预置信息为收款方、锁定金额和截止条件,所述收款方作为新付款方设置新预置信息,形成对应的离链支付链具体包括:The payer sets preset information, and the preset information is the payee, the locked amount and the deadline. The payee, as a new payer, sets new preset information, and forms a corresponding off-chain payment chain, which specifically includes:

所述付款方根据公共参数、付款方私钥及其账户、收款方公钥、账户、锁定金额和截止条件获得一个预置信息签名;The payer obtains a preset information signature according to the public parameters, the payer's private key and its account, the payee's public key, account, locked amount and deadline;

收款方作为新的付款方根据公共参数、新的付款方私钥和账户、新收款方公钥和账户、新锁定金额和新截止条件获得一个新预置信息签名。As the new payer, the payee obtains a new preset message signature according to the public parameters, the new payer's private key and account, the new payee's public key and account, the new locked amount and the new deadline.

The step in which the payment endorser verifies the validity of the payer's public key certificate and the preset information and issues the prepaid voucher specifically includes:

The payment endorser obtains an account from the public key and a random number;

The validity of the public key certificate is judged from the public parameters, the registration authority's public key, the payer's public key and the public key certificate;

The validity of the preset information signature is judged from the public parameters, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the preset information signature;

If both the preset information signature and the public key certificate are valid, a prepaid voucher is obtained from the public parameters, the payment endorser's private key, the payer's public key and account, the payee's public key and account, the locked amount and the cut-off condition, and the corresponding amount committed by the payer is locked; if the payee, acting as a new payer, submits new preset information, the above operations are performed again on the new preset information, and so on.

The step in which the payer signs the payment amount and sends the prepaid voucher and the payment signature to the payee specifically includes:

The payer obtains a payment signature from the public parameters, the payer's private key, the payer's account, the payee's account, the payment amount and a random number;

The payer sends the prepaid voucher and the payment signature to the payee and proves the validity of the payment amount to the payee; the transmission may be in plaintext or ciphertext;

Method of proving the validity of the payment amount: the payer discloses its received amount and locked amount to the payee, proving that the sum of the received amount and the locked amount is greater than or equal to the payment amount; the Paillier public key encryption scheme and the commitment value proof method are used to prove the validity of the payment amount so as to protect transaction privacy.

The step in which the payee verifies the validity of the prepaid voucher, the payment signature and the payment amount specifically includes: the payee judges the validity of the prepaid voucher from the public parameters, the payment endorser's public key, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the prepaid voucher;

The validity of the payment signature is judged from the public parameters, the payer's public key, the payer's account, the payee's account, the payment amount, the random number and the payment signature;

The validity of the payment amount is judged from the payer's received amount, the locked amount and the payment amount; if all three of the above judgments output valid, the payment is accepted, otherwise the payment is rejected; in the last judgment, the payer's received amount, locked amount and payment amount may be input in plaintext or ciphertext, and are respectively judged directly or judged for validity with the Paillier public key encryption scheme and the commitment value proof method.

The step in which the payment endorser verifies the validity of the prepaid voucher, payment signature and payment amount submitted by each payee and distributes the balance accordingly includes: the payment endorser collects the settlement information submitted by each payee and performs the three judgments of the collection module on the settlement information again;

If all three judgments output valid, the settlement is approved and the balance is distributed accordingly, otherwise the settlement is rejected; each payee may submit its settlement information to the payment endorser in plaintext or ciphertext, and the payment endorser respectively judges directly or judges with the Paillier public key encryption scheme and the commitment value proof method.

As shown in Figure 1, a secure fine-grained prepayment device includes:

An initialization module, used to generate the system public parameters, the registration authority's public and private keys, and the system participants' public and private keys, and to generate accounts from the system participants' public keys. The system participants are the payment endorser, the payer and the payee;

A registration module, used for a system participant to interact with the registration authority to generate a public key certificate;

A preset module, used for the payer to set preset information (the payee, the locked amount and the cut-off condition), while the payee, acting as a new payer, sets new preset information, and so on, forming an off-chain payment chain or ring;

A verification module, used for the payment endorser to verify the validity of the payer's public key certificate and the preset information and to issue the prepaid voucher;

A payment module, used for the payer to sign the payment amount and pass the prepaid voucher and the payment signature to the payee;

A collection module, used for the payee to verify the validity of the prepaid voucher, the payment signature and the payment amount;

A settlement module, used for the payment endorser to verify the validity of the prepaid voucher, payment signature and payment amount submitted by each payee and to distribute the balance accordingly.

In the preset module, the payer's input includes the public parameters, the payer's private key and account, the payee's public key and account, the locked amount and the cut-off condition, and the output includes a preset information signature; the payee may act as a new payer, whose input includes the public parameters, the new payer's private key and account, the new payee's public key and account, the new locked amount and the new cut-off condition, and whose output includes a new preset information signature;

In the registration module, a system participant submits information including its public key to the registration authority; the registration authority's input includes the public parameters, the registration authority's private key and the system participant's public key, and the output includes a public key certificate; the public key certificate can be generated with a conventional signature, proxy signature, group signature, or ring signature to enhance anonymity or traceability; a conventional signature is a digital signature that satisfies correctness and unforgeability;

In the verification module, the payment endorser's input includes a public key and a random number, and the output includes an account; the input includes the public parameters, the registration authority's public key, the payer's public key and the public key certificate, and the output includes a validity judgment on the public key certificate; the input includes the public parameters, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the preset information signature, and the output includes a validity judgment on the preset information signature; if the above three outputs are all judged valid, the input includes the public parameters, the payment endorser's private key, the payer's public key and account, the payee's public key and account, the locked amount and the cut-off condition, the output includes a prepaid voucher, and the corresponding amount committed by the payer is locked; if the payee, acting as a new payer, submits new preset information, the above four steps are performed on the new preset information, and so on;

In the payment module, the payer's input includes the public parameters, the payer's private key, the payer's account, the payee's account, the payment amount and a random number, and the output includes a payment signature; the payer passes the prepaid voucher and the payment signature to the payee and proves the validity of the payment amount to the payee; the transmission may be in plaintext or ciphertext; to prove the validity of the payment amount, the payer may disclose its received amount and locked amount to the payee, thereby proving that the sum of the received amount and the locked amount is greater than or equal to the payment amount, or may use the Paillier public key encryption scheme and the commitment value proof method to prove the validity of the payment amount so as to protect transaction privacy;

In the collection module, the payee's input includes the public parameters, the payment endorser's public key, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the prepaid voucher, and the output includes a validity judgment on the prepaid voucher; the input includes the public parameters, the payer's public key, the payer's account, the payee's account, the payment amount, the random number and the payment signature, and the output includes a validity judgment on the payment signature; the input includes the payer's received amount, the locked amount and the payment amount, and the output includes a validity judgment on the payment amount; if all three of the above output valid, the payment is accepted, otherwise the payment is rejected; in the last judgment, the payer's received amount, locked amount and payment amount may be input in plaintext or ciphertext, and are respectively judged directly or judged for validity with the Paillier public key encryption scheme and the commitment value proof method;

In the settlement module, the payment endorser collects the settlement information submitted by each payee and performs the three judgments of the collection module on the settlement information again; if all three judgments output valid, the settlement is approved and the balance is distributed accordingly, otherwise the settlement is rejected; each payee may submit its settlement information to the payment endorser in plaintext or ciphertext, and the payment endorser respectively judges directly or judges with the Paillier public key encryption scheme and the commitment value proof method.

Example 2

With reference to Figure 2, every module of the system of the present invention involves cryptographic tools, so before the system is introduced, the basic cryptographic tools it uses are described first: one-way functions, digital signatures, and aggregate signatures.

Define the one-way function, digital signature and aggregate signature:

Let f denote a one-way function.

Let Π_1 = (KGen, Sig, Ver) denote the digital signature scheme, where KGen, Sig and Ver are the key generation algorithm, signature algorithm and verification algorithm, respectively.

Let Π_2 = (KGen, ASig, AVer, AggSig, AggVer) denote the aggregate signature scheme, where KGen, ASig, AVer, AggSig and AggVer are the key generation algorithm, signature algorithm, verification algorithm, aggregation algorithm and aggregate verification algorithm, respectively.

One-way Function

A one-way function is a function whose value can be computed in polynomial time given the input, but whose input cannot be computed in polynomial time given the function value.

Definition 1 (one-way function): Let f: {0,1}* → {0,1}* be a function. If the following two conditions are satisfied:

(1) Computability: given an input x, the function value f(x) can be computed in polynomial time;

(2) Non-invertibility: given a function value f(x), no y can be found in polynomial time such that

f(y) = f(x);

then the function f is called a one-way function.

Digital Signature

A digital signature scheme should meet the following two basic requirements: (1) Correctness: there exists a formula that, within probabilistic polynomial time, takes a genuine and valid message/signature pair as input and outputs a verification result of true; (2) Unforgeability: there is no probabilistic polynomial-time algorithm that uses other users' public information and existing message/signature pairs to generate a valid message/signature pair;

Definition 2 (digital signature): Define Π_1 = (KGen, Sig, Ver) as a digital signature scheme, where KGen, Sig and Ver are the key generation, signature and verification algorithms, respectively. The algorithms are structured as follows:

(1) Key generation algorithm KGen: input the public parameter 1^λ, output a public key and private key (PK, SK);

(2) Signature algorithm Sig: input the private key SK and a message m, output the message and signature (m, σ);

(3) Verification algorithm Ver: input the message and signature (m, σ) and the public key PK, output a validity judgment on the signature.

Aggregate Signature

In addition to the correctness and unforgeability of a digital signature algorithm, an aggregate signature scheme also satisfies aggregability: multiple signatures are aggregated into one signature, and a single verification completes the verification of all of them.

Definition 3 (aggregate signature): Define Π_2 = (AKGen, ASig, AVer, AggSig, AggVer) as an aggregate signature scheme, where AKGen, ASig, AVer, AggSig and AggVer are the key generation algorithm, signature algorithm, verification algorithm, aggregation algorithm and aggregate verification algorithm, respectively. The algorithms are structured as follows:

(1) Key generation algorithm AKGen: input the public parameter 1^λ, output a public key and private key (PK, SK);

(2) Signature algorithm ASig: input the private key SK and a message α, output the message/signature pair (α, φ);

(3) Verification algorithm AVer: input the message and signature (α, φ) and the public key PK, output a validity judgment on the signature.

(4) Aggregation algorithm AggSig: input k (k ≥ 1) message/signature pairs (α_i, φ_i), output the aggregate signature

φ_{1,...,k} ← φ_1 ... φ_k.

(5) Aggregate verification AggVer: input the message/aggregate-signature pair (α_{1,...,k}, φ_{1,...,k}) and the k corresponding public keys PK_i, 1 ≤ i ≤ k, output a judgment on the aggregate signature.

The following are specific embodiments of the present invention:

As shown in Figure 1, the construction of the secure fine-grained prepayment system 100 according to an embodiment of the present invention can be given using the basic cryptographic tools described above. Define Ω = (initialization, registration, preset, verification, payment, collection, settlement) as the basic construction, and summarize the system as 7 algorithm modules: initialization module 110, registration module 120, preset module 130, verification module 140, payment module 150, collection module 160 and settlement module 170.

The initialization module is used to generate the system public parameters, the registration authority's public and private keys, and the system participants' public and private keys, and to generate accounts from the system participants' public keys. The system participants are the payment endorser, the payer and the payee. The registration module is used for a system participant to interact with the registration authority to generate a public key certificate. The preset module is used for the payer to set preset information (the payee, the locked amount and the cut-off condition), while the payee, acting as a new payer, sets new preset information, and so on, forming an off-chain payment chain or ring. The verification module is used for the payment endorser to verify the validity of the payer's public key certificate and the preset information and to issue the prepaid voucher. The payment module is used for the payer to sign the payment amount and pass the prepaid voucher and the payment signature to the payee. The collection module is used for the payee to verify the validity of the prepaid voucher, the payment signature and the payment amount. The settlement module is used for the payment endorser to verify the validity of the prepaid voucher, payment signature and payment amount submitted by each payee and to distribute the balance accordingly.

In some embodiments, the entities include the registration authority, the payment endorser, the payer and the payee. The role of each entity may be filled by one entity or by several entities cooperating. The registration authority authenticates user information and issues public key certificates; the payment endorser verifies users' payment information, issues payment vouchers and distributes balances.

With reference to Figure 3, the present invention specifically comprises four types of entities: the registration authority, the payment endorser, the payer and the payee. The public and private keys of the registration authority can be written (RPK, RSK), those of the payment endorser (TPK, TSK), and those of any payer i and payee j (PK_i, SK_i) and (PK_j, SK_j).

Note that initialization is performed by the registration authority, the payment endorser, the payer and the payee; registration by the system participants and the registration authority; presetting by the payer; verification by the payment endorser; payment by the payer; collection by the payee; and settlement by the payment endorser.

In some embodiments, the initialization module 110 is used to generate the system public parameters, the registration authority's public and private keys, and the system participants' public and private keys, and to generate accounts from the system participants' public keys. Specifically:

(1) The registration authority's input includes a security parameter 1^λ, and the output includes the system public parameters Params.

(2) The registration authority invokes the key generation algorithm KGen of Π_1; the input includes a security parameter 1^λ and the public parameters Params, and the output includes a public key RPK and a private key RSK, i.e. (RPK, RSK) ← KGen(1^λ, Params).

(3) The payment endorser invokes the key generation algorithm AKGen of Π_2; the input includes the security parameter 1^λ and the public parameters Params, and the output includes a public key TPK and a private key TSK, i.e. (TPK, TSK) ← AKGen(1^λ, Params).

(4) Any payer or payee invokes the key generation algorithm AKGen of Π_2; the input includes a security parameter 1^λ and the public parameters Params, and the output includes a public key and a private key, i.e. (PK, SK) ← AKGen(1^λ, Params). It then invokes the one-way function f; the input includes a public key PK and the output includes an account Account, i.e. Account ← f(PK).

In some embodiments, the registration module 120 is used for a system participant to interact with the registration authority to generate a public key certificate. Specifically:

(1) Any system participant submits information including its public key to the registration authority. The registration authority invokes the signature algorithm Sig of Π_1; the input includes the registration authority's private key RSK and the system participant's public key PK, and the output includes the corresponding public key certificate
Figure BDA0001686670370000171
such as
Figure BDA0001686670370000172
and generates public information including the public key list PK and the public key certificate list
Figure BDA0001686670370000173

In some embodiments, the preset module 130 is used for the payer to set preset information (the payee, the locked amount and the cut-off condition), while the payee, acting as a new payer, sets new preset information, and so on, forming an off-chain payment chain or ring. Specifically:

(1) Any payer i invokes the signature algorithm ASig of Π_2. The input includes the public parameters Params, the payer's private key SK_i, a sequence number num (initial value 1), the payer's private key account Account_i, the payee's account Account_j, the locked amount W_ij and the cut-off condition T_ij. Let α_ij = (num, Account_i, Account_j, W_ij, T_ij); the output includes a preset information signature φ_ij, such as
Figure BDA0001686670370000174

(2) The payee j, acting as a new payer, invokes the signature algorithm ASig of Π_2. The input includes the public parameters Params, the new payer's private key SK_j, the sequence number num (value 2), the new payer's account Account_j, the payee's account Account_k, the locked amount W_jk and the cut-off condition T_jk. Let α_jk = (num, Account_j, Account_k, W_jk, T_jk); the output includes a preset information signature φ_jk, such as
Figure BDA0001686670370000175
The aggregation algorithm AggSig of Π_2 is then invoked. The input includes the existing preset information signature pairs (α_ij, φ_ij) and (α_jk, φ_jk). Let α_ijk = (α_ij, α_jk); the output includes an aggregate signature pair (α_ijk, φ_ijk), i.e. φ_ijk ← AggSig(φ_ij, φ_jk), and so on, forming an off-chain payment chain or ring.

The verification module 140 is used for the payment endorser to verify the validity of the payer's public key certificate and the preset information and to issue the prepaid voucher. Specifically:

(1) The payment endorser invokes the one-way function f; the input includes the payer's public key PK_i and the output includes an account Account_i, i.e. Account_i ← f(PK_i).

(2) The payment endorser invokes the verification algorithm Ver of Π_1; the input includes the public parameters Params, the registration authority's public key RPK, the payer's public key PK_i and the public key certificate
Figure BDA0001686670370000181
and the output includes a validity judgment on the public key certificate
Figure BDA0001686670370000182
such as
Figure BDA0001686670370000183

(3) The payment endorser invokes the verification algorithm AVer of Π_2; the input includes the public parameters Params, the payer's public key PK_i and the preset information signature pair (α_ij, φ_ij), and the output includes a validity judgment on the preset information signature pair, such as
Figure BDA0001686670370000184

(4) If the first three outputs are all judged valid, the signature algorithm ASig of Π_2 is invoked; the input includes the public parameters Params, the payment endorser's private key RSK and the preset information α_ij, and the output includes a prepaid voucher
Figure BDA0001686670370000185
such as
Figure BDA0001686670370000186
and the corresponding amount committed by the payer is locked. Similarly, if the outputs of items one, two and four are all judged valid, the prepaid voucher
Figure BDA0001686670370000187
is output, such as
Figure BDA0001686670370000188

The payment module 150 is used for the payer to sign the payment amount and pass the prepaid voucher and the payment signature to the payee. Specifically:

(1) If the payer has a received amount, the aggregation algorithm AggSig of Π_2 is invoked; the input includes the public parameters Params and the k existing receipt signature pairs (β_i, δ_i). Let β_{1,...,k} = (β_1, ..., β_k); the output includes a receipt aggregate signature pair (β_{1,...,k}, δ_{1,...,k}), i.e. δ_{1,...,k} ← AggSig(δ_1, ..., δ_k). Otherwise, proceed directly to the next step.

(2) The payer invokes the signature algorithm ASig of Π_2; the input includes the public parameters Params, the payer's private key SK_i, the payer's account Account_i, the payee's account Account_j, the payment amount m_ij and a random number r_ij. Let γ_i = (Account_i, Account_j, m_ij, r_ij); the output includes a payment signature pair (γii), such as
Figure BDA0001686670370000189

(3) The payer passes the prepaid voucher signature pair
Figure BDA00016866703700001810
the receipt aggregate signature pair (β_{1,...,k}, δ_{1,...,k}) and the payment signature pair (γii) to the payee, and proves the validity of the payment amount m_ij to the payee. The transmission may be in plaintext or ciphertext. As for proving the validity of the payment amount: if the payer passes the payment amount to the payee directly in plaintext, the payee can directly verify that the sum of the payer's received amount and locked amount is greater than or equal to the payment amount; if the payer encrypts the payment amount before passing it to the payee, the payer can use the Paillier public key encryption scheme and the commitment value proof method to give the proof, protecting the privacy of the transaction amount.

The collection module 160 is used for the payee to verify the validity of the prepaid voucher, the payment signature and the payment amount. Specifically:

(1) The payee invokes the verification algorithm AVer of Π_2; the input includes the public parameters Params, the payment endorser's public key RPK and the prepaid voucher signature pair
Figure BDA0001686670370000191
and the output includes a validity judgment on the prepaid voucher, such as
Figure BDA0001686670370000192

(2) The payee invokes the aggregate verification algorithm AggVer of Π_2; the input includes the public parameters Params, the public keys PK_1, ..., PK_k of the respective payers and the aggregate signature pair (β_{1,...,k}, δ_{1,...,k}), and the output includes a validity judgment on the receipt aggregate signature, such as
Figure BDA0001686670370000193

(3) The payee invokes the verification algorithm AVer of Π_2; the input includes the public parameters Params, the payer's public key PK_i and the payment signature pair (γii), and the output includes a validity judgment on the payment signature, such as
Figure BDA0001686670370000194

(4) The input includes the payer's received amount m_ij', the locked amount W_ij and the payment amount m_ij, and the output includes a validity judgment on the payment amount: if m_ij' + W_ij ≥ m_ij, the output is valid, otherwise it is rejected.

(5) If all four of the above output valid, the payment is accepted, otherwise the payment is rejected.

The settlement module 170 is used by the payment endorser to verify the validity of the prepaid vouchers, payment signatures and payment amounts submitted by each payee, and to distribute the balance accordingly. Specifically:

(1) Each payee submits the payer's prepaid voucher signature pair
Figure BDA0001686670370000195
the collection aggregate signature pair (β_{1,...,k}, δ_{1,...,k}) and the payment signature pair (γii) to the payment endorser and requests settlement. Each payee may submit the settlement information to the payment endorser in plaintext or ciphertext.

(2) When the payment endorser receives a settlement request from a payee, or the cut-off condition T is reached, it notifies every payee on the payment chain to submit its settlement request information within a specified time, and verifies the four judgments of the collection module again. If all four output valid, it agrees to settle and, after settlement, unlocks each payer's remaining locked amount; otherwise it refuses settlement. If the remaining payees do not submit settlement request information within the specified time, settlement is carried out based only on the information submitted by one party.

As an example, with reference to FIG. 4: the system initialization and entity initialization of the initialization module 110 involve hash functions, digital signatures and aggregate signatures; the system participant registration of the registration module 120 involves digital signatures; the preset information of the preset module 130 involves aggregate signatures; the information verification of the verification module 140 involves hash functions, digital signatures and aggregate signatures; the payment information of the payment module 150 involves aggregate signatures; the collection information verification of the collection module 160 involves aggregate signatures; and the settlement information verification of the settlement module 170 involves aggregate signatures.

An example of a one-way function: a hash function H takes a message of arbitrary length in {0,1}^* as input and outputs a function value of fixed length p in {0,1}^p, namely
Figure BDA0001686670370000201

An example of a digital signature scheme ψ_1 = (KGen, Sig, Ver): let H_1 be a collision-resistant hash function, H_1: {0,1}^* → G_1; G_1 is a cyclic multiplicative group of prime order p with generator g_1. The system public parameters are then Params = (g_1, G_1, H_1).

(1) Key generation algorithm KGen: the input is the security parameter and the public parameters (1^λ, Params); the output is the public key
Figure BDA0001686670370000202
and the private key
Figure BDA0001686670370000203
where
Figure BDA0001686670370000204

(2) Signature algorithm Sig: choose a random number r with 1 < r < p-1 and gcd(r, p-1) = 1, choose a message m, and compute
Figure BDA0001686670370000205
The output signature is σ = (E, F).

(3) Verification algorithm Ver: the input is a message-signature pair (m, σ) and the public key PK; if
Figure BDA0001686670370000206
output 1, otherwise output 0.

An example of an aggregate signature scheme ψ_2 = (AKGen, ASig, AVer, AggSig, AggVer): let H_2 be a collision-resistant hash function, H_2: {0,1}^* → G_2; G_1 and G_2 are cyclic multiplicative groups of prime order p, where G_1 ≠ G_2, with generators g_1 and g_2 respectively; the map e: G_1 × G_2 → G_T is bilinear and non-degenerate. The system public parameters are then Params = (g_1, g_2, G_1, G_2, G_T, e, H_2).

(1) Key generation algorithm AKGen: any user i inputs the security parameter and the public parameters (1^λ, Params) and outputs the public key PK_i = X_i and the private key SK_i = x_i, where
Figure BDA0001686670370000211

(2) Signature algorithm ASig: input the private key SK_i and the message α_i, compute H_2(α_i) ∈ G_2, and output the signature
Figure BDA0001686670370000212

(3) Verification algorithm AVer: input the public key PK_i and the message-signature pair
Figure BDA0001686670370000213
if
Figure BDA0001686670370000214
output valid, otherwise reject.

(4) Aggregation algorithm AggSig: input k (k ≥ 1) message-signature pairs
Figure BDA0001686670370000215
where the α_i are pairwise distinct, and output the aggregate signature
Figure BDA0001686670370000216

(5) Aggregate verification AggVer: input the k corresponding public keys PK_i and the message-signature pair (α1,...,k1,...,k); if
Figure BDA0001686670370000217
output valid, otherwise reject.

The specific construction is as follows:

Initialization module 110: generates the system public parameters, the registration authority's public and private keys and the system participants' public and private keys, and generates accounts from the system participants' public keys.

(1) The registration authority takes the security parameter 1^λ as input and generates two groups G_1, G_2 of prime order p; g_1 and g_2 are random generators of G_1 and G_2 respectively; the map e: G_1 × G_2 → G_T is bilinear and non-degenerate, where G_1 ≠ G_2. With the hash function
Figure BDA0001686670370000218
and the collision-resistant hash functions H_1: {0,1}^* → G_1 and H_2: {0,1}^* → G_2, the system public parameters are Params = (g_1, g_2, e, G_1, G_2, G_T, H, H_1, H_2).

(2) The registration authority calls the key generation algorithm KGen of algorithm ψ_1. The input includes the security parameter 1^λ and the public parameters Params; the output includes a private key and a public key, such as
Figure BDA0001686670370000219
The registration authority's private key is then
Figure BDA00016866703700002110
and its public key is
Figure BDA00016866703700002111

(3) The payment endorser calls the key generation algorithm AKGen of algorithm ψ_2. The input includes the security parameter 1^λ and the public parameters Params; the output includes a private key and a public key, such as
Figure BDA00016866703700002112
The registration authority's private key is then
Figure BDA00016866703700002113
and the public key is
Figure BDA00016866703700002114

(4) Any payer or payee calls the key generation algorithm AKGen of algorithm ψ_2. The input includes the security parameter 1^λ and the public parameters Params; the output includes a private key and a public key, such as
Figure BDA0001686670370000221
The private key of that payer or payee is then SK = x and the public key is
Figure BDA0001686670370000222
The hash function H is then called; the input includes a public key PK and the output includes an account Account, such as Account ← H(PK).

Registration module 120: the system participants interact with the registration authority to generate public key certificates.

(1) The information that any system participant i submits to the registration authority includes the participant's public key. The registration authority calls the signature algorithm Sig of algorithm ψ_1; the input includes a random number r_i, the registration authority's private key RSK and the participant's public key PK_i, and the output includes the corresponding public key certificate
Figure BDA0001686670370000223
such as
Figure BDA0001686670370000224
let
Figure BDA0001686670370000225
The public key PK_i and the public key certificate
Figure BDA0001686670370000226
are then added, respectively, to the public list of public keys PK and the public list of public key certificates
Figure BDA0001686670370000227

Preset module 130: the payer sets preset information consisting of the payee, the locked amount and the cut-off condition; the payee, acting as a new payer, sets new preset information, and so on, forming an off-chain payment chain or ring.

(1) Any payer i calls the signature algorithm ASig of algorithm ψ_2. The input includes the public parameters Params, the payer's private key SK_i, the serial number num (initial value 1), the payer's private key account Account_i, the payee's account Account_j, the locked amount W_{ij} and the cut-off condition T_{ij}. Let α_{ij} = (num, Account_i, Account_j, W_{ij}, T_{ij}); the output includes a preset information signature φ_{ij}, such as
Figure BDA0001686670370000228

(2) Payee j, acting as a new payer, calls the signature algorithm ASig of algorithm ψ_2. The input includes the public parameters Params, the new payer's private key SK_j, the serial number num (value 2), the new payer's account Account_j, the payee's account Account_k, the locked amount W_{jk} and the cut-off condition T_{jk}. Let α_{jk} = (num, Account_j, Account_k, W_{jk}, T_{jk}); the output includes a preset information signature φ_{jk}, such as
Figure BDA0001686670370000229
The aggregation algorithm AggSig of algorithm Π_2 is then called. The input includes the existing preset information signature pairs (α_{ij}, φ_{ij}) and (α_{jk}, φ_{jk}); let α_{ijk} = (α_{ij}, α_{jk}); the output includes an aggregate signature pair (α_{ijk}, φ_{ijk}), such as
Figure BDA0001686670370000231
and so on, forming an off-chain payment chain or ring.

Verification module 140: the payment endorser verifies the validity of the payer's public key certificate and preset information and issues the prepaid voucher.

(1) The payment endorser calls the hash function H; the input includes a public key PK_i and the output includes an account Account_i, such as Account_i ← H(PK_i).

(2) The payment endorser calls the verification algorithm Ver of algorithm ψ_1. The input includes the public parameters Params, the registration authority's public key RPK, the payer's public key PK_i and the public key certificate
Figure BDA0001686670370000232
The output includes a validity judgment on the public key certificate
Figure BDA0001686670370000233
if
Figure BDA0001686670370000234
output valid, otherwise reject.

(3) The payment endorser calls the verification algorithm AVer of algorithm ψ_2. The input is the public parameters Params, the payer's public key PK_i and the preset information signature pair (α_{ij}, φ_{ij}); the output includes a validity judgment on the preset information signature pair: if e(g_1, φ_{ij}) = e(X_i, H_2(α_{ij})), output valid, otherwise reject.

(4) The payment endorser calls the aggregate verification AggVer of algorithm ψ_2. The input includes the aggregate signature pair (α_{ijk}, φ_{ijk}) and the corresponding public keys PK_i, PK_j; the output includes a validity judgment on the aggregate signature pair: if e(g, φ_{ijk}) = e(X_i, H_2(α_{ij}))·e(X_j, H_2(α_{jk})), output valid, otherwise reject.

(5) If the judgments output by the first three items are all valid, the signature algorithm ASig of algorithm ψ_2 is called. The input includes the public parameters Params, the payment endorser's private key RSK and the preset information α_{ij}; the output includes a prepaid voucher
Figure BDA0001686670370000235
such as
Figure BDA0001686670370000236
and the corresponding amount committed by the payer is locked. Similarly, if the judgments output by items one, two and four are all valid, the prepaid voucher
Figure BDA0001686670370000237
is output, such as
Figure BDA0001686670370000238

Payment module 150: the payer signs the payment amount and passes the prepaid voucher and the payment signature to the payee.

(1) If the payer has received amounts, the aggregation algorithm AggSig of algorithm ψ_2 is called. The input includes the public parameters Params and the k existing collection information signature pairs (β_i, δ_i); let β_{1,...,k} = (β_1,...,β_k); the output includes a collection aggregate signature pair (β_{1,...,k}, δ_{1,...,k}), such as δ_{1,...,k} ← δ_1·...·δ_k. Otherwise, proceed directly to the next step.

(2) The payer calls the signature algorithm ASig of algorithm ψ_2. The input includes the public parameters Params, the payer's private key SK_i, the payer's account Account_i, the payee's account Account_j, the payment amount m_{ij} and a random number r_{ij}. Let γ_i = (Account_i, Account_j, m_{ij}, r_{ij}); the output includes a payment signature pair (γii), such as
Figure BDA0001686670370000241

(3) The payer passes the prepaid voucher signature pair
Figure BDA0001686670370000242
the collection aggregate signature pair (β_{1,...,k}, δ_{1,...,k}) and the payment signature pair (γii) to the payee, and proves to the payee the validity of the payment amount m_{ij}. The transfer may be in plaintext or ciphertext. To prove the validity of the payment amount: if the payer passes the payment amount to the payee directly in plaintext, the payee can directly verify that the sum of the payer's received amount and locked amount is greater than or equal to the payment amount; if the payer encrypts the payment amount before passing it to the payee, the payer can use the Paillier public-key cryptosystem and a commitment-value proof to prove validity while protecting the privacy of the transaction amount.

Collection module 160: the payee verifies the validity of the prepaid voucher, the payment signature and the payment amount.

(1) The payee calls the verification algorithm AVer of algorithm ψ_2. The input includes the public parameters Params, the payment endorser's public key RPK and the prepaid voucher signature pair
Figure BDA0001686670370000243
The output includes a validity judgment on the prepaid voucher: if
Figure BDA0001686670370000244
output valid, otherwise reject.

The payee calls the aggregate verification algorithm AggVer of algorithm ψ_2. The input includes the public parameters Params, the public keys PK_1,...,PK_k of the payers and the aggregate signature pair (β_{1,...,k}, δ_{1,...,k}); the output includes a validity judgment on the collection aggregate signature: if
Figure BDA0001686670370000245
output valid, otherwise reject.

(1) The payee calls the verification algorithm AVer of algorithm ψ_2. The input includes the public parameters Params, the payer's public key PK_i and the payment signature pair (γii); the output includes a validity judgment on the payment signature: if e(g1i)=e(Xi,H2i)), output valid, otherwise reject.

(2) The input includes the payer's received amount m_{ij}', the locked amount W_{ij} and the payment amount m_{ij}; the output includes a validity judgment on the payment amount: if m_{ij}' + W_{ij} ≥ m_{ij}, output valid, otherwise reject.

(3) If all four of the above items output valid, the payment is accepted; otherwise the payment is rejected.
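The five algorithms of ψ_2 and the payee's four collection-module checks, as an added example that is not the patent's own code. The forms X = g_1^x and φ = H_2(α)^x are assumed from the verification equation e(g_1, φ_{ij}) = e(X_i, H_2(α_{ij})), since the page's own key and signature formulas are in figures not reproduced here; the group is a toy exponent model with no security, and the layout of the collection messages β, the account labels, all function names and the amounts are constructed for the example.

```python
import hashlib
import secrets

# Toy bilinear group, for checking the algebra only: an element g^a of G1, G2
# or GT is stored as its exponent a mod Q, so discrete logs are visible and
# there is NO security. A deployment needs a pairing-friendly curve library.
Q = 2**127 - 1   # prime group order p (constructed value)
G1_GEN = 7       # exponent standing in for the generator g1 (constructed)

def pair(a, b):
    """e(g^a, g^b) = e(g, g)^(a*b); multiplication in GT is addition mod Q."""
    return (a * b) % Q

def encode(fields):
    """Length-prefix each field so ('ab', 'c') and ('a', 'bc') hash differently."""
    parts = [str(f).encode() for f in fields]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def h2(fields):
    """H2: {0,1}* -> G2, modelled as SHA-256 reduced mod Q."""
    return int.from_bytes(hashlib.sha256(encode(fields)).digest(), "big") % Q

def account(pk):
    """Account <- H(PK); truncated hex is a constructed display format."""
    return hashlib.sha256(str(pk).encode()).hexdigest()[:16]

def akgen():
    x = secrets.randbelow(Q - 1) + 1
    return x, (G1_GEN * x) % Q              # SK = x, PK = X = g1^x (assumed form)

def asig(sk, fields):
    return (h2(fields) * sk) % Q            # H2(alpha)^x (assumed form)

def aver(pk, fields, sig):
    # e(g1, phi) = e(X, H2(alpha))
    return pair(G1_GEN, sig) == pair(pk, h2(fields))

def aggsig(pairs):
    msgs = {encode(m) for m, _ in pairs}
    if len(msgs) != len(pairs):
        raise ValueError("aggregated messages must be pairwise distinct")
    return sum(s for _, s in pairs) % Q     # delta_1 * ... * delta_k

def aggver(pks, msgs, agg):
    if len(pks) != len(msgs) or len({encode(m) for m in msgs}) != len(msgs):
        return False
    rhs = sum(pair(pk, h2(m)) for pk, m in zip(pks, msgs)) % Q  # product in GT
    return pair(G1_GEN, agg) == rhs

def payee_accepts(rpk, voucher, receipts, payer_pk, payment):
    """The four collection-module checks; returns (accepted, reason)."""
    alpha, voucher_sig = voucher      # alpha = (num, Acc_i, Acc_j, W_ij, T_ij)
    senders, betas, delta = receipts  # payments the payer collected earlier
    gamma, pay_sig = payment          # gamma = (Acc_i, Acc_j, m_ij, r_ij)
    if not aver(rpk, alpha, voucher_sig):
        return False, "prepaid voucher signature invalid"
    if betas and not aggver(senders, betas, delta):
        return False, "collection aggregate signature invalid"
    if not aver(payer_pk, gamma, pay_sig):
        return False, "payment signature invalid"
    received = sum(b[2] for b in betas)   # m_ij' (assumes beta shares gamma's layout)
    if received + alpha[3] < gamma[2]:    # require m_ij' + W_ij >= m_ij
        return False, "payment exceeds received plus locked amount"
    return True, "accepted"

def build_scenario(pay_amount):
    """Constructed sample: payer i locked 50 for j and earlier collected 30 + 20."""
    rsk, rpk = akgen()                              # payment endorser
    ski, pki = akgen()                              # payer i
    (skg, pkg), (skh, pkh) = akgen(), akgen()       # earlier payers g and h
    acc_i, acc_j = account(pki), "acct-j"
    alpha = (1, acc_i, acc_j, 50, "T=constructed-deadline")
    voucher = (alpha, asig(rsk, alpha))
    betas = [(account(pkg), acc_i, 30, "r-g"), (account(pkh), acc_i, 20, "r-h")]
    delta = aggsig([(betas[0], asig(skg, betas[0])), (betas[1], asig(skh, betas[1]))])
    gamma = (acc_i, acc_j, pay_amount, secrets.token_hex(8))
    return rpk, voucher, ([pkg, pkh], betas, delta), pki, (gamma, asig(ski, gamma))

if __name__ == "__main__":
    for amount in (90, 120):
        print(amount, payee_accepts(*build_scenario(amount)))
```

Each rejection reason maps to one of the four judgments, so a failed payment shows which signature or amount check stopped it.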

Settlement module 190: the payment endorser verifies the validity of the prepaid vouchers, payment signatures and payment amounts submitted by each payee, and distributes the balance accordingly.

(1) Each payee submits the payer's prepaid voucher signature pair
Figure BDA0001686670370000251
the collection aggregate signature pair (β_{1,...,k}, δ_{1,...,k}) and the payment signature pair (γii) to the payment endorser and requests settlement. Each payee may submit the settlement information to the payment endorser in plaintext or ciphertext.

(2) When the payment endorser receives a settlement request from a payee, or the cut-off condition T is reached, it notifies every payee on the payment chain to submit its settlement request information within a specified time, and verifies the four judgments of the collection module again. If all four output valid, it agrees to settle and, after settlement, unlocks each payer's remaining locked amount; otherwise it refuses settlement. If the remaining payees do not submit settlement request information within the specified time, settlement is carried out based only on the information submitted by one party.

FIG. 5 is a flowchart of a secure fine-grained prepayment system device according to an embodiment of the present invention.

As shown in FIG. 5, the secure fine-grained prepayment system device of an embodiment of the present invention comprises: S210: generate the system public parameters, the registration authority's public and private keys and the system participants' public and private keys, and generate accounts from the system participants' public keys, where the system participants are the payment endorser, the payer and the payee; S220: the system participants interact with the registration authority to generate public key certificates; S230: the payer sets preset information consisting of the payee, the locked amount and the cut-off condition, and the payee, acting as a new payer, sets new preset information, and so on, forming an off-chain payment chain or ring; S240: the payment endorser verifies the validity of the payer's public key certificate and preset information and issues the prepaid voucher; S250: the payer signs the payment amount and passes the prepaid voucher and the payment signature to the payee; S260: the payee verifies the validity of the prepaid voucher, the payment signature and the payment amount; S270: the payment endorser verifies the validity of the prepaid vouchers, payment signatures and payment amounts submitted by each payee, and distributes the balance accordingly.

In some embodiments, the entities include a registration authority, a payment endorser, a payer and a payee. The role of each entity may be filled by one entity or by several entities cooperating.

Step S210 includes: taking the security parameter as input and outputting the system public parameters; according to the system public parameters, each entity runs its own key generation algorithm to generate its private key and public key; the input includes a public key and a random number, and the output includes an account.

Step S220 includes: the system participant submits information including the participant's public key to the registration authority; the registration authority's input includes the public parameters, the registration authority's private key and the system participant's public key, and the output includes a public key certificate. The public key certificate may be generated with a conventional signature, a proxy signature, a group signature or a ring signature to enhance anonymity or traceability. A conventional signature is a digital signature that satisfies correctness and unforgeability.

Step S230 includes: the payer's input includes the public parameters, the payer's private key and account, the payee's public key and account, the locked amount and the cut-off condition, and the output includes a preset information signature; the payee may, as a new payer, input the public parameters, the new payer's private key and account, the new payee's public key and account, a new locked amount and a new cut-off condition, and the output includes a new preset information signature.

Step S240 includes: the payment endorser's input includes a public key and a random number, and the output includes an account; the input includes the public parameters, the registration authority's public key, the payer's public key and the public key certificate, and the output includes a validity judgment on the public key certificate; the input includes the public parameters, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the preset information signature, and the output includes a validity judgment on the preset information signature; if the judgments output by the above three items are all valid, the input includes the public parameters, the payment endorser's private key, the payer's public key and account, the payee's public key and account, the locked amount and the cut-off condition, the output includes a prepaid voucher, and the corresponding amount committed by the payer is locked; if the payee, acting as a new payer, submits new preset information, the above four operations are performed on the new preset information, and so on.

Step S250 includes: the payer's input includes the public parameters, the payer's private key, the payer's account, the payee's account, the payment amount and a random number, and the output includes a payment signature; the payer passes the prepaid voucher and the payment signature to the payee and proves to the payee the validity of the payment amount. The transfer may be in plaintext or ciphertext. To prove the validity of the payment amount, the payer can disclose its received amount and locked amount to the payee, thereby proving that the sum of the received amount and the locked amount is greater than or equal to the payment amount, or can use the Paillier public-key cryptosystem and a commitment-value proof to prove the validity of the payment amount while protecting transaction privacy.

Step S260 includes: the payee's input includes the public parameters, the payment endorser's public key, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the prepaid voucher, and the output includes a validity judgment on the prepaid voucher; the input includes the public parameters, the payer's public key, the payer's account, the payee's account, the payment amount, the random number and the payment signature, and the output includes a validity judgment on the payment signature; the input includes the payer's received amount, the locked amount and the payment amount, and the output includes a validity judgment on the payment amount; if all three of the above output valid, the payment is accepted, otherwise the payment is rejected. In the last judgment, the payer's received amount, locked amount and payment amount may be input in plaintext or ciphertext, and are judged directly or with the Paillier public-key cryptosystem and a commitment-value proof, respectively.

Step S270 includes: the payment endorser collects the settlement information submitted by each payee and performs the three judgments of the collection module on it again; if all three judgments output valid, it agrees to settle and distributes the balance accordingly, otherwise it refuses settlement. Each payee may submit the settlement information to the payment endorser in plaintext or ciphertext, and the payment endorser judges it directly or with the Paillier public-key cryptosystem and a commitment-value proof, respectively.

The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and the parts that are the same or similar across embodiments can be cross-referenced. Because the system disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method.

Specific examples are used herein to explain the principles and implementations of the present invention. The description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea; at the same time, a person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and the scope of application. In summary, the contents of this specification should not be construed as limiting the present invention.

Claims (9)

1. A secure fine-grained pre-payment method, the payment method being applied to a payment system,
the entity organization of the payment system comprises: the system comprises a registration mechanism, a payment endorsement party, a payer and a payee, wherein the role of each entity mechanism is composed of at least one entity;
the payment method comprises the following steps:
acquiring public parameters of the payment system, public keys and private keys of a registration authority and public keys and private keys of system participants, and generating an account according to the public keys of the system participants; the system participants comprise a payment endorsement party, a payer and a payee;
the system participant interacts with a registration authority to obtain a public key certificate;
the payer sets preset information, wherein the preset information comprises a payee, a locked amount and a cut-off condition, and the payee is used as a new payer to set new preset information to form a corresponding off-chain payment chain;
the payment endorsement party verifies the validity of the public key certificate of the payer and the preset information and issues a prepaid certificate;
the payer signs the payment amount and sends the prepaid voucher and payment signature to the payee;
the payee verifies the validity of the prepaid credential, the payment signature, and the payment amount;
and the payment endorsement party verifies the validity of the prepaid voucher, the payment signature and the payment amount sent by each payee and distributes balance.
2. The method of claim 1, wherein the obtaining public parameters of the payment system, public and private keys of a registration authority, public and private keys of system participants, and generating an account according to the public and private keys of the system participants specifically comprises:
calculating public parameters of the payment system according to the security parameters of the payment system;
according to the public parameters of the payment system, each entity runs its own key generation algorithm to generate its private key and public key;
and an account is obtained according to the public key and a random number.
3. The secure fine-grained prepaid method according to claim 1, wherein the interacting of the system participant and the registration authority to obtain the public key certificate specifically comprises:
the system participant submits a participant public key to the registration authority;
the registration authority obtains a public key certificate according to the public parameters, the private key of the registration authority and the public key of the system participant.
4. The method of claim 1, wherein the payer sets preset information, the preset information includes a payee, a locked amount and a cutoff condition, and the payee sets new preset information as a new payer to form a corresponding off-chain payment chain specifically includes:
the payer obtains a preset information signature according to the public parameters, the private key and the account of the payer, the public key of the payee, the account, the locked amount and the cut-off condition;
and the payee serving as a new payer obtains a new preset information signature according to the public parameters, the new payer private key and account, the new payee public key and account, the new locked amount and the new cut-off condition.
5. The secure fine-grained prepaid method according to claim 1, wherein the payment endorsement verifies the validity of the payer public key certificate and the preset information, and the issuing of the prepaid credential specifically comprises:
the payment endorsement party obtains an account according to the public key and the random number;
judging the validity of the public key certificate according to the public parameter, the public key of the registration authority, the public key of the payer and the public key certificate;
judging the validity of the preset information signature according to the public parameters, the public key and the account of the payer, the public key and the account of the payee, the locked amount, the cut-off condition and the preset information signature;
if the preset information signature and the public key certificate are both valid, obtaining a prepayment certificate according to public parameters, a private key of a payment endorsement party, a public key and account of a payer, a public key and account of a payee, a locked amount and a cut-off condition, and locking the corresponding amount promised by the payer; and if the payee submits the new preset information as a new payer, the operation is executed again on the new preset information, and the like.
6. The secure fine-grained prepaid method of claim 1 wherein the payer signing the payment amount and sending the prepaid credential and payment signature to the payee comprises:
the payer obtains a payment signature according to the public parameters, the payer private key, the payer account, the payee account, the payment amount and the random number;
the payer sends the prepaid voucher and the payment signature to the payee, and proves the validity of the payment amount to the payee;
the method of proving the validity of the payment amount comprises: the payer reveals the payer's collection amount and locked amount to the payee, and proves that the sum of the collection amount and the locked amount is greater than or equal to the payment amount; or the Paillier public key encryption system and the commitment value proof method are used to prove the validity of the payment amount so as to protect transaction privacy.
7. The secure fine-grained prepaid method of claim 1, wherein the verifying the validity of the prepaid voucher, the payment signature, and the payment amount by the payee specifically comprises: the payee judges the validity of the prepaid certificate according to the public parameter, the public key of the payment endorsement, the public key and account of the payer, the public key and account of the payee, the locked amount, the cut-off condition and the prepaid certificate;
judging the validity of the payment signature according to the public parameter, the payer public key, the payer account, the payee account, the payment amount, the random number and the payment signature;
judging the validity of the payment amount according to the collection amount, the locked amount and the payment amount of the payer; if the outputs of all three judgments are valid, the payment is accepted, otherwise, the payment is rejected;
the payment endorsement party verifying the validity of the prepaid vouchers, the payment signatures and the payment amounts submitted by each payee and distributing the balance accordingly comprises: the payment endorsement party collects the settlement information submitted by each payee and performs the three judgments of the collection module again on the settlement information;
if the outputs of all three judgments are valid, the settlement is agreed and the balance is divided; otherwise, the settlement is refused; each payee submits settlement information to the payment endorsement party in plaintext or ciphertext, and the payment endorsement party judges it directly or by using the Paillier public key encryption system and the commitment value proof method, respectively.
8. A secure fine-grained prepaid arrangement, characterized in that the arrangement comprises:
the initialization module is used for generating the system public parameters, the public key and private key of the registration authority, and the public keys and private keys of the system participants, and for generating an account according to the public key of each system participant; the system participants are the payment endorsement party, the payer and the payee;
the registration module is used for generating a public key certificate by the interaction of a system participant and a registration authority;
the preset module is used for the payer to set preset information comprising the payee, the locked amount and the cut-off condition; the payee, as a new payer, sets new preset information, and so on, to form an off-chain payment chain or ring;
the verification module is used for verifying the validity of the public key certificate and the preset information of the payer by the payment endorsement party and issuing a prepaid certificate;
the payment module is used for signing the payment amount by the payer and transmitting the prepaid voucher and the payment signature to the payee;
the collection module is used for verifying the validity of the prepaid voucher, the payment signature and the payment amount by the payee;
and the settlement module is used for verifying the validity of the prepaid vouchers, the payment signatures and the payment amount submitted by each payee by the payment endorsement party and distributing balance according to the validity.
9. The secure fine-grained prepaid device according to claim 8, wherein the preset module is configured for the payer to input the public parameters, the payer's private key and account, the payee's public key and account, the locked amount and the cut-off condition, and to output a preset information signature; the payee, as a new payer, inputs the public parameters, the new payer's private key and account, the new payee's public key and account, a new locked amount and a new cut-off condition, and outputs a new preset information signature;
the registration module is used for a system participant to submit the participant's public key to the registration authority; the registration authority inputs the public parameters, the private key of the registration authority and the public key of the system participant, and outputs a public key certificate; the public key certificate is generated using a conventional signature, a proxy signature, a group signature or a ring signature to enhance anonymity or traceability;
the verification module is used for the payment endorsement party to input a public key and a random number and output an account; to input the public parameters, the public key of the registration authority, the public key of the payer and the public key certificate, and output a validity judgment on the public key certificate; and to input the public parameters, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the preset information signature, and output a validity judgment on the preset information signature; if the three outputs are valid, the payment endorsement party inputs the public parameters, its private key, the payer's public key and account, the payee's public key and account, the locked amount and the cut-off condition, outputs a prepaid certificate, and locks the corresponding amount promised by the payer; if the payee, as a new payer, submits new preset information, the same four steps are carried out on the new preset information, and so on;
the payment module is used for the payer to input the public parameters, the payer private key, the payer account, the payee account, the payment amount and a random number, and to output a payment signature; the payer transmits the prepaid voucher and the payment signature to the payee, and proves the validity of the payment amount to the payee; the transmission is in plaintext or ciphertext; the method of proving the validity of the payment amount is either that the payer reveals the payer's collection amount and locked amount to the payee, thereby proving that the sum of the collection amount and the locked amount is greater than or equal to the payment amount, or that the validity is proved by using the Paillier public key encryption system and the commitment value proof method to protect transaction privacy;
the collection module is used for the payee to input the public parameters, the public key of the payment endorsement party, the payer's public key and account, the payee's public key and account, the locked amount, the cut-off condition and the prepaid certificate, and to output a validity judgment on the prepaid certificate; to input the public parameters, the payer public key, the payer account, the payee account, the payment amount, the random number and the payment signature, and output a validity judgment on the payment signature; and to input the collection amount, the locked amount and the payment amount of the payer, and output a validity judgment on the payment amount; if the outputs of all three judgments are valid, the payment is accepted, otherwise, the payment is rejected; in the last judgment, the collection amount, the locked amount and the payment amount of the payer are input in plaintext or ciphertext, and the validity judgment is made directly or by the Paillier public key encryption system and the commitment value proof method, respectively;
the settlement module is used for the payment endorsement party to collect the settlement information submitted by each payee and to perform the three judgments of the collection module again on the settlement information; if the outputs of all three judgments are valid, the settlement is agreed and the balance is divided; otherwise, the settlement is refused; each payee submits settlement information to the payment endorsement party in plaintext or ciphertext, and the payment endorsement party judges it directly or by using the Paillier public key encryption system and the commitment value proof method, respectively.
Application CN201810575457.3A, priority date 2018-06-06, filing date 2018-06-06: A secure fine-grained prepayment method and device (Active, CN108805551B (en))

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201810575457.3A (CN108805551B (en)) | 2018-06-06 | 2018-06-06 | A secure fine-grained prepayment method and device

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201810575457.3A (CN108805551B (en)) | 2018-06-06 | 2018-06-06 | A secure fine-grained prepayment method and device

Publications (2)

Publication Number | Publication Date
CN108805551A (en) | 2018-11-13
CN108805551B (en) | 2020-06-30

Family

ID=64087507

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201810575457.3A (Active, CN108805551B (en)) | A secure fine-grained prepayment method and device | 2018-06-06 | 2018-06-06

Country Status (1)

Country | Link
CN (1) | CN108805551B (en)



Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant
